SUMMARY: ssh attacks

From: Dr. Hans Ekkehard Plesser (hans.ekkehard.plesser@nlh.no)
Date: Thu Sep 09 2004 - 04:50:12 EDT

• Next message: Martin Simmen: "XP1000 no graphics"
• Previous message: Mark Schubert: "How many processes can I have?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please excuse my belated summary. I had experienced ssh-login attacks on a
Tru64 machine I am managing. Thanks to Jean-Pierre Denis for pointing out
the attacker, brutessh2. You can find the source code here:

        http://www.k-otik.com/exploits/08202004.brutessh2.c.php

After 100 unsuccessful ssh-login attempts as root, the C2 intrusion detection
system locked the root account.

At present, I need to allow ssh login to the machine, but I have disabled ssh
login from root to improve security somewhat.

Hans

- --
Dr. Hans Ekkehard Plesser
Associate Professor

Department of Mathematical Sciences and Technology
Agricultural University of Norway

Phone +47 6494 8832
Fax +47 6494 8810
Home http://arken.nlh.no/~imfhep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBQBlEbuXhp9E3LTsRAjA9AJ0e0r1RaIMQ1DqSPto+IeEy8XZMmACgqvOb
FOUSv0XBdcY+4jZ6wydUcUE=
=8Ksn
-----END PGP SIGNATURE-----

• Next message: Martin Simmen: "XP1000 no graphics"
• Previous message: Mark Schubert: "How many processes can I have?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:50:07 EDT